USB keychains (flash cards)
Results 1 to 7 of 7

Thread: USB keychains (flash cards)

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Lightbulb USB keychains (flash cards)

    Before I make my post, I want to make it clear that I have looked in the forums and saw a post similar to this one, but I still have a few questions floating in my head.
    With all the security programs out there, most companies will use them to block the floppy drives, cd drives etc. The problem I have noticed at my jobplace, is that they do such. They also filter emails etc. and wont let you attach certain file types. I just purchased however a fancy usb 2.0 keychain (flash) and I noticed since some of us have scanners/printers attached via USB, that the software they use (I think McAfee) does not restrict the USB ports. This got me thinking. How easy would it be to steal files off the PC? Or how easy would it be to execute viruses etc. that terminate the virus scanner? I work for an attornies firm and a lot of the documents on their servers are private and should not be "let out". My concern arises that it IS possible to use the keychain to do damage of some sort. What could be done to protect that scenario? I realize you can block I/O and probably restrict some IRQ settings, but is it truly secure? The particular keychain I got does not require drivers, so installation of a floppy disk is not needed. Keep in mine please, they they can not just disable all usb ports, since they are being used.
    Thanks Guys n Gals.
    Wild

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I hear you. We have thought about this too... there isn't much you can do really... require admin privledges to install new hardware and disable plug and play?

    I have a couple of these flash drives, and they are awesome. I don't have to burn a CD that I'll only use 5mb worth when loading NIC drivers and no more damn floppies, etc. I especially like the ones that have password protection. My palm pilot can only hold so much... and I can take ALL my info with me anywhere. Like my palm, I keep it with me at all times. Its great for when you need it.

    Oh, as far as disabling the AV software... most of the time they are running as services. Deny normal users the privledges of killing services... they can't shut it down. So, you'd need a to escalate privledges, and then write your own virus that is not in the virus database... then it would be possible. I'm just thinking quickly, and haven't put much thought into it...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Junior Member
    Join Date
    Nov 2002
    Posts
    4
    I've wondered about the same thing.

    Some thoughts:
    -If the printer is USB, what is stopping someone from just printing out the file.
    -If on a 2000/XP system and setup properly, the files user permissions should lock out anyone who should not have rights to view file.
    -Good way to sneak in a file though.
    -As far as I know, you cant boot from a USB device.
    -If security is a concern, maybe use a dumb terminal.

  4. #4
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    this is a problem prolly best solved thro physical security rather than any kind of software
    you can buy case's or addons which has a secuirty panel which locks over the drives allowing cables to exit via small slit but which blocks anyone from fiddling (adding/removing) with the hardware connections.
    There are prolly ways of blocking it thro software but the above method will also stop people from using other pieces of hardware which maybe a security or privacy problem - i posted (quite a while ago) about the keyghost keylogger which sits between the keyboard and the computer recording every key pressed - it to does not need to be instaled on a computer so even with a system that is complty locked down to stop people adding removing progs it could be used

    v_Ln

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    As far as I know, you cant boot from a USB device.
    That is possible. How else would someone boot to a removable USB CDROM or floppy.

    Just for a quick example.... look at this .
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    If there is no physical security, then there minus well be no security at all. That has been said many times. If someone has access to your box, than any software protections that are on it are pretty much useless, especially if it is the server or admin box, then there are lots of problems that can be fairly easily started.

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Thumbs up

    Thanks guys/gals for your input. I think what someone said, you have to be able to physically see the person (monitor them) for total security. The USB keychain I bought actually lets you boot it up as a floppy disk/bootable drive. It also has some sort of boot sector virus protection built in it too. I just if you went to windows 98se, you could prevent the drivers from being loaded. Only ME 2K and XP have the built in drivers (true plug n play). Then again, how many people network with windows 95/98.....not too many that I know of. Again, thanks!
    Sex is like \"Social Security\". You get a little each month, but it\'s not enough to live on.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •